Older versions of Zoom could allow hackers to take over your Mac through a privilege escalation vulnerability. The latest Zoom update (5.11.5) fixes this bug. If you use Zoom on your Mac, you should update the software now.
This update comes just a week after Zoom disclosed its privilege escalation vulnerability in a security bulletin. The vulnerability (CVE-2022-28756) received wide coverage after Patrick Wardle, founder of the Objective-See Foundation, demonstrated it at the Def Con hacking conference on August 12.
The vulnerability stems from a bug in Zoom’s automatic update system. Normally, Zoom checks update packages for a cryptographic signature. This verifies that the update is authentic and published by Zoom. But if you give a file the same name as Zoom’s cryptographic signature, the software will execute that file without asking any questions.
In the worst-case scenario, hackers could use this flaw to plant RATs (Remote Access Trojans) on your Mac. But this vulnerability could open the door to any malware, including ransomware. It’s no wonder Zoom pushed through such a quick fix.
I suggest opening Zoom on your Mac (even if you don’t use it often) to run an automatic update. If you want to make sure that Zoom actually installs the 5.11.5 update, continue with the manual update process.
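To confirm the result from Terminal, the following added example (not from Zoom or the original article) reads the installed version and compares it with 5.11.5 field by field. It assumes the default install location `/Applications/zoom.us.app` and that the bundle's `CFBundleShortVersionString` carries the client version; the build suffix in the comment is a constructed sample.

```shell
#!/bin/sh
# Added example: confirm the installed Zoom client is at or above the fixed release.
FIXED_VERSION="5.11.5"                 # fixed release named in the article
ZOOM_APP="/Applications/zoom.us.app"   # assumption: default install location

# Reduce a version string such as "5.11.5 (9788)" (constructed sample)
# to its dotted numeric part; prints nothing if no version is found.
normalize_version() {
    printf '%s\n' "$1" \
        | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*$/\1/p' \
        | sed 's/\.$//'
}

# Return 0 when version $1 >= $2, comparing each dotted field as an integer
# (so 5.9 < 5.11). Return 2 when either input cannot be parsed (fail closed).
version_ge() {
    a=$(normalize_version "$1"); b=$(normalize_version "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}       # missing fields count as 0
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Read the version recorded in the app bundle (macOS only).
installed_zoom_version() {
    defaults read "$ZOOM_APP/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

check_zoom() {
    v=$(installed_zoom_version) || { echo "Zoom not found at $ZOOM_APP"; return 3; }
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "OK: Zoom $v is at or above $FIXED_VERSION"
    else
        echo "UPDATE NEEDED: Zoom '$v' is older than $FIXED_VERSION or unreadable"
        return 1
    fi
}

# Run the check only on macOS, so the functions can be sourced elsewhere.
if [ "$(uname)" = "Darwin" ]; then check_zoom; fi
```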
Source: Zoom via The Verge